CVE-2025-5592

7.3 HIGH

📋 TL;DR

A buffer overflow in the PASSIVE command handler of FreeFloat FTP Server 1.0 lets a remote, unauthenticated attacker crash the service and potentially execute arbitrary code on the host. CVSS rates it 7.3 (High), not critical. All installations of version 1.0 are affected, since the handler is part of the standard build and is reachable before login, and there is no official fix.

💻 Affected Systems

Products:
  • FreeFloat FTP Server
Versions: 1.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is in the PASSIVE command handler component; all standard installations are affected

📦 What is this software?

FreeFloat FTP Server is a small freeware FTP server for Windows. This page lists no vendor advisory and no fixed version, so treat it as unmaintained software to be replaced rather than patched.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution as the account running the FTP server, leading to full host compromise, data theft, or ransomware deployment.

🟠 Likely Case

The server process crashes (denial of service); a working exploit turns the same condition into remote code execution.

🟢 If Mitigated

With TCP/21 reachable only from trusted hosts, exposure is limited to those hosts, which can still crash or exploit the server. Network controls reduce who can reach the bug; they do not remove it.

🌐 Internet-Facing: HIGH - Remote, unauthenticated exploitation with public exploit available
🏢 Internal Only: HIGH - Same exploit works internally, could facilitate lateral movement

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code is available, making exploitation straightforward for attackers

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A

Vendor Advisory: N/A

Restart Required: No

Instructions:

No official patch available. Consider migrating to a maintained FTP server solution.

🔧 Temporary Workarounds

Disable PASSIVE mode

windows

If the server offers a setting to refuse passive-mode transfers, disable it so clients are limited to active mode. Treat this as a partial measure only: the overflow is in the code that parses the PASSIVE command, and nothing on this page establishes that refusing passive transfers stops that parsing. A client can send the command whether or not the server is willing to honour it, so verify the behaviour on an isolated copy and do not rely on this setting in place of network restriction or replacement.

Edit the server configuration to set passive mode = false (the exact option name depends on the FreeFloat build; check its settings dialog).

Network segmentation

windows

Restrict inbound TCP/21 (and any configured passive data port range) to trusted source addresses with host and perimeter firewall rules. An allow-list of specific clients with every other source denied is safer than a rule that blocks "untrusted networks", which is only as good as the list of networks you remembered to block.

Windows Firewall: create a New Inbound Rule for TCP port 21, scope it (Scope tab, Remote IP address) to the trusted client addresses only, and confirm that no broader allow rule for port 21 or for the FreeFloat executable remains.

🧯 If You Can't Patch

  • Replace FreeFloat FTP Server with a maintained alternative like FileZilla Server, vsftpd, or ProFTPD
  • Implement strict network access controls and monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check whether FreeFloat FTP Server 1.0 is installed (Programs and Features, or the installed executable under Program Files) and whether its process is the listener on TCP 21, e.g. by matching the PID shown by `netstat -ano` to the FreeFloat process.

Check Version:

Open the installed executable's Properties > Details tab and read the product version, or read the server's 220 greeting, which names the product and version. Only 1.0 is listed as affected, and no later fixed version exists.

Verify Fix Applied:

Because no patch exists, "fixed" means one of: the server has been uninstalled and replaced, or TCP/21 is reachable only from the trusted addresses in the firewall scope. A disabled passive-mode setting on its own is not sufficient evidence of mitigation.
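To inventory hosts for the version check above, the following Python script (an added example, not part of this advisory or of the FreeFloat product) connects to TCP/21, reads the 220 greeting and matches the product name. It assumes FreeFloat 1.0 announces itself in its greeting as "FreeFloat Ftp Server (Version 1.00)"; the pattern only requires the product name, so other wordings also match. Only the greeting is read and a QUIT is sent, so the probe never transmits a PASSIVE command and cannot trigger the overflow.

```python
import re
import socket
from typing import Optional

# Greeting fingerprint. Assumption: FreeFloat FTP Server 1.0 identifies itself
# in its 220 greeting as "FreeFloat Ftp Server (Version 1.00)"; only the
# product name is required so that variant wordings still match.
FREEFLOAT_RE = re.compile(rb"^220[ -].*freefloat", re.IGNORECASE)


def parse_greeting(raw: bytes) -> dict:
    """Classify the first line of an FTP greeting.

    Returns the 3-digit reply code (None if the line is not an FTP reply),
    the decoded banner text, and whether it looks like FreeFloat.
    """
    first = raw.split(b"\n", 1)[0].rstrip(b"\r")
    code: Optional[str] = first[:3].decode("ascii") if first[:3].isdigit() else None
    return {
        "code": code,
        "banner": first.decode("ascii", "replace"),
        "freefloat": bool(FREEFLOAT_RE.match(first)),
    }


def grab_greeting(host: str, port: int = 21, timeout: float = 5.0) -> bytes:
    """Connect, read the server's greeting, send QUIT and disconnect.

    No PASV or any other command with an argument is ever sent, so this
    cannot reach the vulnerable handler.
    """
    buf = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.settimeout(timeout)
        while b"\n" not in buf and len(buf) < 1024:
            chunk = sock.recv(256)
            if not chunk:
                break
            buf += chunk
        try:
            sock.sendall(b"QUIT\r\n")
        except OSError:
            pass
    return buf


def check_host(host: str, port: int = 21) -> dict:
    """Probe one host and return the parsed greeting together with the target."""
    result = parse_greeting(grab_greeting(host, port))
    result.update(host=host, port=port)
    return result


if __name__ == "__main__":
    import sys

    for target in sys.argv[1:]:
        r = check_host(target)
        flag = "FREEFLOAT" if r["freefloat"] else "other"
        print(f"{r['host']}:{r['port']} [{flag}] {r['banner']}")
```

Run it as `python probe.py host1 host2 ...` and feed the FREEFLOAT hits into the replacement or firewall-scoping work; a greeting that has been customised will not match, so treat a miss as "not confirmed" rather than "not installed".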

📡 Detection & Monitoring

Log Indicators:

  • Windows Application log: Application Error events (Event ID 1000) naming the FreeFloat server process, or the process exiting and being restarted unexpectedly
  • Sessions that send a PASV (passive-mode) command before authenticating, or many PASV commands in a short window from one source
  • Do not expect the server's own log to record an "overflow": a crashing process rarely writes its own crash record, so rely on the OS event log and on network capture

Network Indicators:

  • PASV commands carrying an argument (RFC 959 defines PASV with no parameter), or any FTP command line far longer than a normal client sends, directed at the server on TCP/21
  • Oversized command lines containing long runs of a single byte, NOP sleds, or shellcode-like binary data, consistent with the published PoC

SIEM Query:

source="ftp_server.log" AND ("PASSIVE" OR "PASV") AND ("overflow" OR "crash")

The original grouping `("PASSIVE" AND "overflow" OR "crash")` evaluates as `(PASSIVE AND overflow) OR crash` and matches every crash line regardless of cause. Pair the query with an Application log search for Event ID 1000 where the faulting application is the FreeFloat server process, since the server's own log is unlikely to record the crash.
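The network indicators above reduce to one rule: PASV takes no parameter, so a PASV line with any argument, or any command line far longer than a client normally sends, is an attempt to reach the handler with oversized input. The Python below is an added example (not from this page or the product) that applies that rule to client-to-server command lines extracted from a port-21 capture. The sample lines and the 512-byte threshold are constructed assumptions, and the block goes beyond the PASSIVE case by also flagging oversized lines on any command, since an overflow in any command handler presents the same way on the wire.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# RFC 959 commands defined without a parameter. PASV (the passive-mode request,
# which this advisory calls the PASSIVE command) is one of them, so any argument
# on a PASV line is anomalous regardless of its length.
NO_ARG_COMMANDS = {"PASV", "QUIT", "NOOP", "SYST", "PWD", "CDUP", "ABOR", "REIN"}

# Assumption: no legitimate client sends a command line this long. Tune per site.
MAX_LINE_BYTES = 512

# verb (3-4 letters) optionally followed by whitespace and an argument
CMD_RE = re.compile(r"^([A-Za-z]{3,4})(?:[ \t]+(.*))?$")


@dataclass
class Alert:
    src: str
    verb: str
    arg_len: int
    reason: str


def inspect_command(src: str, line: str) -> Optional[Alert]:
    """Return an Alert if one client-to-server FTP line looks like an overflow attempt."""
    line = line.rstrip("\r\n")
    m = CMD_RE.match(line)
    verb = m.group(1).upper() if m else "?"          # "?" = not a well-formed command
    arg = (m.group(2) or "") if m else line
    if verb in NO_ARG_COMMANDS and arg:
        return Alert(src, verb, len(arg),
                     f"{verb} carries a {len(arg)}-byte argument (RFC 959 defines none)")
    if len(line) > MAX_LINE_BYTES:
        return Alert(src, verb, len(arg),
                     f"command line is {len(line)} bytes (limit {MAX_LINE_BYTES})")
    return None


def scan(commands: Iterable[Tuple[str, str]]) -> List[Alert]:
    """Run inspect_command over (source_ip, line) pairs and collect the alerts."""
    return [a for a in (inspect_command(src, line) for src, line in commands) if a]


# Constructed sample: client->server lines as they would be extracted from a
# capture of TCP/21; not real traffic.
SAMPLE_COMMANDS = [
    ("10.0.0.5", "USER anonymous"),
    ("10.0.0.5", "PASS guest@example.com"),
    ("10.0.0.5", "PASV"),
    ("198.51.100.7", "USER anonymous"),
    ("198.51.100.7", "PASV " + "A" * 1000),
    ("198.51.100.7", "LIST " + "A" * 600),
]

if __name__ == "__main__":
    for a in scan(SAMPLE_COMMANDS):
        print(f"{a.src}: {a.reason}")
```

The benign session from 10.0.0.5 produces nothing, while 198.51.100.7 raises two alerts: the PASV line is flagged for carrying an argument at all, and the LIST line for exceeding the length threshold. Because the check keys on the PASV verb, the argument length, and the total line length rather than on one PoC's byte pattern, a reworked exploit that changes its filler still trips it.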
